I have the following challenge.
A private ssh-key is stored in aws secretmanager as secret.
Now I want to get this secret with cli and use it directly in ssh-keygen to get the corresponding public key
ssh-keygen can do that with -y parameter, but has to get a file as input.
Now the problem is, that the output is not usable when I pipe it to a file OR stdin
Examples:
Doesn't work:
ssh-keygen -yf /dev/stdin <<<$(aws secretsmanager get-secret-value --secret-id <secretname> --region <secret> --output text --query SecretString)
Nor this:
aws secretsmanager get-secret-value --secret-id <secretname> --region <secret> --output text --query SecretString > tempfile.key
chmod 600 tempfile.key
ssh-keygen -yf tempfile.key
Both commands result in an interactive "Enter passphrase" (the key has no passphrase, so it seems to be that the contents are messed)
When I copy / paste the output manually to file and use the file it works.
So, what's my problem here?
Many thanks in advance and Greetings,
JP
UPDATE:
vimdiff shows me a difference in whitespace, but I have no clue how to solve this :-(
I'm using this command "aws ec2 describe-instances --region us-west-2 --filters "Name=instance-state-name,Values=running" --output table --query 'Reservations[].Instances[].InstanceId'". Returns a list of all my running ec2's in us west 2, I'd like to take each output in this list and loop through each one with another command to see which ones are using ssm. Thanks for all responses.
I've tried making an empty array, but that got me nowhere.
What I've tried, making variable x an empty list
x=[]
and then running the above command to try to have outputs added to empty list x=aws ec2 describe-instances --region us-west-2 --filters "Name=instance-state-name,Values=running" --output table --query 'Reservations[*].Instances[*].InstanceId'. In general I am more familiar with python, but this was just meant to be a quick bash tool.
error: getNonSSMEC2.sh: line 3: ec2: command not found
So firstly - when you want to capture bash command output as a variable you need to declare it like this: x=$(ls) or x=`ls`
Regarding loop:
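x=`aws ec2 describe-instances --region us-west-2 --filters "Name=instance-state-name,Values=running" --output json --query 'Reservations[*].Instances[*].InstanceId'`
# .[][] walks every reservation and every instance; .[0][0] would return only the first ID
for id in $(echo "$x" | jq -r ".[][]")
do
echo "$id"
done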
I assume in the loop you should use this function to get SSM information: https://docs.aws.amazon.com/cli/latest/reference/ssm/describe-instance-information.html
Btw, you can always use describe-instance-information to get list of ec2 instances instead of using ec2 describe-instances.
AWS cli version used on Mac :
aws-cli/1.20.35 Python/3.9.9 Darwin/20.6.0 botocore/1.21.35
Command :
aws --profile new secretsmanager get-secret-value --secret-id testsecret --output text --query SecretString
Output:
{"passwd":"xxx"}
How do I get only 'xxx'?
Got this from doc - If this secret was created by using the console, then Secrets Manager stores the information as a JSON structure of key/value pairs.
Created the secret via aws-cli. Then the output of get-secret-value is 'xxx'.
Is there an option I can give this command to make it iterate through all my profiles/accounts?
aws ec2 describe-instances --query "Reservations[*].Instances[*].
{PublicIP:PublicIpAddress,Type:InstanceType,Name:Tags[?Key=='Name']|
[0].Value,Status:State.Name}" --filters "Name=instance-state-name,Values=running"
"Name=tag:Name,Values='*'" --output table
I have to run this in multiple accounts and I was wondering if there's a way to avoid writing a script that loop through all the profiles
I can't find anywhere if there is something like --profile allProfiles or --profiles [*]
You will need to create a simple script since aws cli only works for a single profile.
In bash, that would be something like:
for profile in `aws configure list-profiles`; do aws ec2 describe-instances --profile $profile ;done;
What might be useful is to append each command's output to the same file and then process the file as if it was the output of a single command:
outputFile=`mktemp` ; for profile in `aws configure list-profiles`; do aws ec2 describe-instances --profile $profile >> $outputFile ;done; cat $outputFile
For JSON you might want to process the command's output via jq before appending to the file.
I am trying to fetch VPC details for all regions. I tried to run my script without a default profile, which results in the error "You must specify a region. You can also configure your region by running "aws configure"", even though I have my own profile configured with all required details for it.
The same script works fine after configuring a default profile.
The question is: does the AWS CLI require a default profile as mandatory?
My script
for region in `aws ec2 describe-regions --output text| cut -f4`
do
aws ec2 --profile sam --region $region --output text --query 'Vpcs[*].{VpcId:VpcId,CidrBlock:CidrBlock}'
describe-vpcs
done
cat .aws/config
[profile sam]
output = json
region = us-east-1
If you don’t have a default profile configured, you can define the target profile with the --profile option.
aws ec2 describe-regions --profile profile-name
Another way is to set the AWS_PROFILE environment variable. This way you don’t have to explicitly add the option for every AWS CLI command.
export AWS_PROFILE=profile-name
Seems a bug in your script. I tried the below and it worked for me.
for region in `aws ec2 describe-regions --output text| cut -f4`
do
aws ec2 describe-vpcs --profile <myProfile> --region $region --output text --query 'Vpcs[*].{VpcId:VpcId,CidrBlock:CidrBlock}'
done
Found the issue, I need to add --profile in my first line of code as well. It works fine now.
for region in `aws ec2 describe-regions --profile sam --output text| cut -f4`
Hi can someone help with this
I am using the Amazon AWS CLI command in a bash script and have the following line and the output it gives.
aws ec2 describe-instances --instance-ids $Ins --query 'Reservations[*].Instances[*].[Tags[?Key==`Name`].Value]' --output text
' does not existd (InvalidInstanceID.NotFound) when calling the DescribeInstances operation:
The instance ID 'i-0c7bf4181bdfxxxxx Will be backed up
If I echo the value of $ins and hard code it in the command like
$ echo $Ins
i-0c7bf4181bdfxxxxx
$ aws ec2 describe-instances --instance-ids i-0c7bf4181bdfxxxxx --query 'Reservations[*].Instances[*].[Tags[?Key==`Name`].Value]' --output text
lon-prod-xxxx-xxxx
I don't understand why it works in the command when copied and pasted but not when used as a variable?
Additional Code, sure there are neater ways to do this but just need something quick. Just grabbing all the instance ids from a single VPC and then attempting to take an image of each in turn.
Instances=$(aws ec2 describe-instances --filter "Name=vpc-id,Values=$VPCID" --query 'Reservations[*].Instances[*].[InstanceId]' --output text)
for Ins in $Instances; do
echo $Ins
name=$(aws ec2 describe-instances --instance-ids $Ins --query 'Reservations[*].Instances[*].[Tags[?Key==`Name`].Value]' --output text)
echo $name Will be backed up
echo $Ins
aws ec2 create-image --instance-id $Ins --name "$name" --description "Auto backed up on $(date)" --no-reboot --$dryrun
echo "***"
done
Error is below. The first ID is where I am echoing $Ins, so it seems to know the ID, but I think it has a /r /n after it
i-0c7bf4181bdfxxxxx
' does not existd (InvalidInstanceID.NotFound) when calling the DescribeInstances operation:
The instance ID 'i-0c7bf4181bdfxxxxx Will be backed up
OK I fixed it, the variable did have a new line after it "/r"
Added this line
Ins=${Ins/$'\r'/} to strip it out and works OK now.
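The carriage-return problem from the last thread, as an added example that is not part of the original posts: it strips CR from CLI text output and passes on only tokens that look like instance IDs, so a malformed value never reaches the next command. The function names, the sample IDs and the ID pattern (i- followed by 8 or 17 hex digits) are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: sanitize instance IDs read from CLI text output before reuse.
# All sample data below is constructed; no AWS call is made.

CR=$(printf '\r')

# Return 0 when the value carries a hidden carriage return.
has_cr() {
    case $1 in
        *"$CR"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Read IDs on stdin, drop CR, split on whitespace, keep well-formed IDs only.
# Rejected tokens are reported on stderr instead of being passed along.
clean_instance_ids() {
    tr -d '\r' | tr -s ' \t' '\n' | while IFS= read -r id || [ -n "$id" ]; do
        [ -n "$id" ] || continue
        if printf '%s\n' "$id" | grep -Eq '^i-([0-9a-f]{8}|[0-9a-f]{17})$'; then
            printf '%s\n' "$id"
        else
            printf 'rejected: %s\n' "$id" >&2
        fi
    done
}

# Constructed sample: two IDs with CRLF line endings plus one malformed token.
sample_output() {
    printf 'i-0123456789abcdef0\r\ni-0fedcba9876543210\r\nnot-an-id\r\n'
}

for Ins in $(sample_output | clean_instance_ids); do
    # Quoting "$Ins" keeps it a single argument for whatever command follows.
    echo "would back up: $Ins"
done
```
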